To verify the thumbprint/fingerprint, I use a category on NSURLAuthenticationChallenge. You don't have to use a category or can use a different input but the code to get the fingerprint of a certificate would actually be the same.

Regarding the Extended Validation certificates, they're not a different type of certificates, they have the same mechanisms, but the certificate policies field will use a specific certificate policy identifier.

The fingerprint being the hash of the entire certificate, with any modifications (like using EV certificates), the fingerprint would be different but the process to get the fingerprint would be the same.